Smart access management to define access roles for your users. 

One of the most important aspects of app development is to ensure whocan access the application and what actions a user can perform. With ROQ's access management, you can:

  • Define roles and assign them to your users
  • Setup permissions and enforce them on your application.

Access management works smoothly with ROQ's multi-tenancy capability as it automatically isolates what users can see and do into the boundaries of their tenant.


The access managment features helps to reduce risk, to speed up development time, and to provide a better way to understand, track and manage access to your SaaS application.

By using ROQ's access management system, you get these benefits:

  1. 1

    It reduces the effort to build your checks and the risk of rules being lost during refactoring.

  2. 2

    ROQ's access management system is more robust and less prone to bugs as it's developed, tested, and maintained by experts.

  3. 3

    With the pre-built system, access management is centralized, making it easier to see who has access to what and ensure that authorization is working correctly.

  4. 4

    It can also provide audibility, traceability, and analysis of the authorization request.

Key Functionalitities

ROQ's buildQueryPlan() API enables you to automatically generate a list of WHERE conditions which you can easily apply to any query using ORM adapters. The query plan is created based on the current user and the accessed entity. The query plan can be used to check if the user can access any record and filter down data to what the user is allowed to retrieve. The result of this API can be cached on your application to reduce runtime dependencies on ROQ Platform. There is no need to synchronize your entire database over to ROQ. The actual check happens on your side.
Permission defines a specific action that a user is allowed to perform. Permissions are typically assigned to a role, and a user who belongs to that role will be able to perform those actions. For example, permission to "view all user data" might be assigned to the "admin" role, while the "regular user" role might be permitted to "view only their user data." Permissions are managed via the console.
A role defines a set of permissions the user can perform. Roles are usually determined based on a user's responsibilities within an organization and are typically used to group users with similar permissions. For example, an "admin" role might have access to all functionality within the SaaS application, while a "regular user" role might have more limited access. You can define roles in the console and assign them to users programmatically via the assignRolesToUser API.


Through the console you can set up user roles in matter of minutes. Define user roles that fit to your business logic, name them accordingly and add a description. For every user role you can individually specify very granular the scope of their permissions.

Get Started